
I have made an Account model, which is now the custom user model in my Django app. Also, I have token authentication, but I do not know how to refresh the token, and how frequently I have to change the token for a user. Also I have a problem, because a user, after logging in with a token, can access another account by just changing the id in the URL. How can I solve this problem? I thought about a solution where I put the id of the user in the token, so when he accesses some URL I check if the id in the URL is his id from the token. But I am not sure if this is a good solution for Django, because I do not know how to add the id to the token. Maybe Django has some cleverer solution. I am pretty new to Django, so...

DevJava

1 Answer


You should not send your AuthToken as a parameter in the URL; as you already noticed, someone could just change it to another value expecting to enter an account that does not belong to them.

What you should do is send the token in the body of a POST request like this:

Authorization: Token "your-token"

Or as a header in a GET request:

headers = {'Authorization': 'Token "your-token"'}

It really depends on what you are trying to do.

Jaime Ortiz